Virtual computing resources are provided via a cloud system that is both 
clever and intelligent. Based on the user's request, computing resources are 
made available. A hybrid cloud is the best option for storing and accessing 
user data for cloud deployments. Maintaining security in a hybrid cloud 
environment is time-consuming. This study provides a novel strategy for 
securing data in the hybrid cloud by ensuring the user's data is protected. 
Users' data in a hybrid cloud is protected using cryptographic approaches 
provided in this approach. Using this strategy, users' data may be protected 
in public and private clouds using various encryption methods. The 
suggested data security paradigm offers various advantages to both 
consumers and providers in terms of data security. Three symmetric 
encryption methods are offered as a service in the cloud. The concept is 
implemented as a cloud-based application hosted in the cloud, and the 
effectiveness of three strategies is assessed. They are evaluated in terms of 
performance and security. Using the recommended encryption methods in a 
hybrid cloud environment is more efficient than using other methods. The 
proposed technique can be used for relational data. It can be modified and 
enhanced to process multimedia data. 

1. INTRODUCTION 

Cloud computing is a new technology that makes advanced computing more accessible to both 
consumers and service providers. Cloud computing is a kind of computing that allows customers to access 
infinite processing power. The cloud data centre provides computer resources. Many computers and servers 
are housed in a data centre facility, which is open 24 hours a day, seven days a week, to supply the necessary 
resources. Most small and medium-sized businesses rely heavily on the cloud for their operations. Software, 
platform, and infrastructure components make up the cloud resources. 

Furthermore, infrastructure as a service (IaaS) serves as the principal platform for the delivery of 
cloud-based services. Amazon was the first to provide IaaS, but now companies like Google, Microsoft, and 
others may give support for it. Using the cloud ensures that the user can access the data they've provided 
whenever needed. The cloud provides the greatest level of security for data against physical damage. It's 
worth noting, though, that the cloud is more susceptible to data breaches when it comes to cloud-based data. 
The cloud's ability to prevent piracy is one example of this. Abuse and tapping [1] are all examples. Public 
and private, as well as hybrid cloud options, are available. Using a hybrid cloud for public and private data 
storage is more efficient. A high-end cloud setup, a hybrid cloud [2] is just that. The National Institute of 
Standards and Technology (NIST) defines a hybrid cloud as one that "combines two kinds of clouds such as 
public and private cloud technology consistent or exclusive computing allowing data and application 
mobility." Hybrid cloud adoption may be justified for a variety of reasons. 

Although they may be motivated by the goal to create elasticity, virtualized resources, metered 
service, or load balancing management, probably, they are not. Hybrid cloud adoption is common due to its 
ease of use. It excels in data recovery and cloud service availability [3]. Because of this, businesses may store 
sensitive data in the private cloud and non-sensitive data in the public cloud, known as the hybrid cloud 
model. Utilizing both public and private clouds reduces the amount of money spent on data security. It is 
possible to significantly reduce costs while simultaneously boosting application accessibility using a hybrid 
cloud disaster recovery approach. As a result, hybrid cloud solution providers would be required to use this 
as a major phase. The hybrid cloud also has the advantages of quick service delivery, simple transfer from 
capital expenditure (CAPEX) to operating expenses (OPEX), reduced administrative load, group cooperation 
and global scope, low cost, and ease [4]. Hybrid cloud models are used by 55% of enterprises, according to 
the most recent research [5]. The private cloud model is used by 45% of businesses, whereas the public cloud 
model is used by 32% of businesses [6]. 

Data security is the cloud's darkest side for users who doubt its advantages. The largest 
difficulty in the cloud is data security, and that challenge is only becoming worse with time [7]. Businesses 
and their customers suffer greatly if their data is stolen or corrupted. The most pressing worry in the cloud is 
data security [8], [9]. Cloud computing demands stronger and better data security design [9] since it is a 
massive computer network. To avoid a cryptographic data leak, a hierarchical management strategy that 
combines user passwords with secret sharing is presented [10]. For cloud data security, [11] established and 
implemented symmetric key encryption, which encrypts a file locally at the client-side before uploading to 
the cloud and decrypts the file after downloading on the client-side using the key obtained during encryption. 
Using cryptography, you may ensure the safety of your data. The cloud environment, however, does not 
benefit from all cryptographic methods [12]. It is proposed in this study that two separate cryptographic 
encryption algorithms be used to safeguard hybrid cloud data instead of one single security solution. In order 
to address current security and privacy problems, such as data loss, data manipulation, and data theft, this 
study intends to provide a data security model based on cryptography and steganography for data in cloud 
computing [13]. The majority of researchers focused on cloud computing's security problems. Cryptography 
techniques [13] may generally be used to ensure data security. Data in the cloud is protected by various 
cryptographic services, including authentication, confidentiality, integrity, and so on [14]. According to a 
majority of the writers, classical cryptography encryption approaches were used to solve cloud data security 
challenges [15]-[17]. A novel cryptographic method has also been suggested by various writers in [18]-[21]. 
The problem is that in their proposal, most of them are merged with one or more current encryption schemes. 

When two encryption methods are combined, the output is not as efficient as it may be. Both 
internal and external assaults compromise cloud data. The authors proposed mitigation measures [22], [23]. 
Cloud maintenance engineers at the cloud data centre [24] carry out the internal assault, making it more 
difficult to monitor. Because the outside cloud users attempted to access the data without authorization, the 
external assault can readily be traced. Security measures for data storage have previously been proposed by 
researchers [25]-[29]. In order to secure the data in cloud storage against unwanted exposure, the study in [30] 
suggests a secrecy mechanism as a security service algorithm (SSA), called MONcrypt. A novel genetic 
algorithm (GA)-based model, CryptoGA, is designed to address data integrity and privacy concerns [31]. 
There are certain restrictions in classic symmetric and asymmetric encryption. To address this, a novel hybrid 
approach [32] is presented by combining elliptical curve cryptography (ECC) and blowfish that will ensure 
great data security and secrecy. Joshi et al. [33] discuss how security affects cloud computing and all of the 
difficulties that come with it. In addition to detailing the research potential for using cryptographic 
approaches in cloud computing, the paper in [34] offers a review of a wide range of cryptographic schemes 
created for protecting sensitive data in the setting of cloud computing. According to the literature, a security 
framework is predicted to be more effective in preventing data security breaches. Cloud users are not likely 
to be affected by this. When it comes to cloud security, there is much interrelated work. This section sums up 
the work done by each researcher thus far. In addition to this effort, cloud-based assaults on data security 
remain increasingly common. 

Because of this, data security stored in the cloud is critical. Cloud computing provides the 
opportunity to outsource IT services. Outsourcing data creates a slew of new cloud security issues. Data 
security is the key concern when it comes to cloud security. The cloud service providers are in charge of 
maintaining and controlling the data that has been outsourced. Third-party cloud service providers are not 
known to the user. Users can't find where their data is being kept and who is responsible for maintaining it. 
Cloud service providers prepare user data following their standards. Providers may have more options to 
learn about the data uploaded to the cloud. In the cloud, data security is offered in two ways: while the data is 
in transit and when the data is at rest. Internal and external users may both assault data in transit and while it 
is stored on the network. Data security in a hybrid cloud environment is a top priority, but it's also 
time-consuming. The data is encrypted by the user and saved in the cloud to prevent these issues. 


2. ALGORITHM 
2.1. PUCSCipher 

Data stored in the public cloud is the primary target of this symmetric encryption. The execution 
process of the public cloud service cipher (PUCSCipher) is outlined here. The logical flow of the 
PUCSCipher is represented in Figure 1. 


Convert to binary, consider the 64-bits block of data for encryption 

Get key of size 196-bit. Last four bits from the key denotes the number of rounds the encryption carry out 

Round Function Starts and runs up to the number of rounds denoted by the key bits 

Form an 8X8 matrix and arrange 64-bit plaintext 

Convert the first 64-bit in the key into corresponding eight decimal values and arrange the eight decimals on the top of each eight-column of the Matrix. 

32-bit blocks by reading even and odd positional bits separately 

Get the second 64-bit Subkey 196-bit key and split the it into two 32-bit keys and find the XoR of two 32-bit plaintexts with two 32-bit keys and get the result of two 32-bits blocks. 

The 32-bit swapped and merged the resulting two 32-bit blocks into 64-bit by alternatively placing bits from both 

The resulting 64 bits out from the round function is the ciphertext. 

Figure 1. Logical flow of the PUCSCipher 


Algorithm 1 PUCSCipher 

1. The input plaintext (PTEXT) is collected from the user. 
2. PTEXT is converted to binary. 
3. The input PTEXT is partitioned into 64-bit blocks. PUCSCipher encrypts one 64-bit block at a time. 
4. The KEY for PUCSCipher is obtained from KPMaaS. 
5. The KEY's last four bits indicate the number of encryption rounds to be performed. 
6. The round function begins. Create an 8x8 matrix MAT using the PTEXT. 
7. SKEY1 is the first 64-bit subkey of the 196-bit KEY. 
8. The 64-bit SKEY1 is converted into eight decimal values. 
9. Place the eight decimal values at the top of the MAT's eight columns, one per column. 
10. Using the ascending sequence of the eight decimal values at the top of each column, read the bits from 
the MAT one by one. 
11. The 64 bits are divided into two equal 32-bit blocks by reading even and odd positions individually. 
12. Get the second 64-bit subkey SKEY2 from the 196-bit KEY. 
13. Split SKEY2 into two 32-bit keys. 
14. XOR the two 32-bit plaintext blocks with the two 32-bit keys. 
15. The two 32-bit blocks are swapped. 
16. Alternately place bits from the two 32-bit blocks to merge them into a 64-bit block. 
17. The round function is now complete. Depending on the number of encryption rounds, the 
steps from step 6 through step 15 are repeated numerous times. The first round's results are used as the 
starting point for the second round. 
18. A 64-bit result is generated after all rounds. It is XORed with the third subkey SKEY3 from the KEY. 
19. The ciphertext CTEXT is the 64-bit result from Step 17. 
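
Algorithm 1 as runnable code, under one reading of the steps. This is an added example, not the paper's C#.Net implementation; the key layout, row-wise matrix fill, tie-breaking, padding and all function names are assumptions, marked as such in the comments, and the sample key is constructed. It also includes a helper that counts how many ciphertext bits change when a single plaintext bit is flipped.

```python
# Added example: one reading of Algorithm 1 (PUCSCipher). Points the page
# leaves open are marked "assumption".
MASK64 = (1 << 64) - 1

def to_bits(value, width):
    """Integer -> list of bits, most significant bit first."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]

def to_int(bits):
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out

def split_key(key):
    """196-bit KEY -> (SKEY1, SKEY2, SKEY3, rounds); the last four bits are the round
    count (step 5). Assumption: SKEY1..SKEY3 are the leading 192 bits, in that order."""
    if not 0 <= key < (1 << 196):
        raise ValueError("KEY must fit in 196 bits")
    body = key >> 4
    return (body >> 128) & MASK64, (body >> 64) & MASK64, body & MASK64, key & 0xF

def column_order(skey1):
    """Steps 7-10: the eight decimal values of SKEY1 head the columns, which are read in
    ascending order of those values. Assumption: ties go to the lower column index."""
    heads = [(skey1 >> (56 - 8 * c)) & 0xFF for c in range(8)]
    return sorted(range(8), key=lambda c: (heads[c], c))

def round_fn(block, skey1, skey2):
    mat = to_bits(block, 64)                       # step 6; assumption: MAT is filled row by row
    order = column_order(skey1)
    t = [mat[8 * r + c] for c in order for r in range(8)]  # step 10; assumption: top to bottom
    even, odd = to_int(t[0::2]), to_int(t[1::2])   # step 11
    even ^= skey2 >> 32                            # steps 12-14
    odd ^= skey2 & 0xFFFFFFFF
    left, right = to_bits(odd, 32), to_bits(even, 32)      # step 15: swap the halves
    return to_int([b for pair in zip(left, right) for b in pair])  # step 16: interleave

def unround_fn(block, skey1, skey2):
    """Inverse of round_fn, undoing steps 16 down to 6."""
    m = to_bits(block, 64)
    odd = to_int(m[0::2]) ^ (skey2 & 0xFFFFFFFF)
    even = to_int(m[1::2]) ^ (skey2 >> 32)
    t = [b for pair in zip(to_bits(even, 32), to_bits(odd, 32)) for b in pair]
    mat = [0] * 64
    for i, c in enumerate(column_order(skey1)):
        for r in range(8):
            mat[8 * r + c] = t[8 * i + r]
    return to_int(mat)

def encrypt_block(block, key):
    s1, s2, s3, rounds = split_key(key)
    for _ in range(rounds):                        # step 17
        block = round_fn(block, s1, s2)
    return block ^ s3                              # step 18; assumption: CTEXT is taken after this XOR

def decrypt_block(block, key):
    s1, s2, s3, rounds = split_key(key)
    block ^= s3
    for _ in range(rounds):
        block = unround_fn(block, s1, s2)
    return block

def encrypt(data, key):
    """Step 3 for byte strings. Assumption: PKCS#7-style padding (the page names none)."""
    pad = 8 - len(data) % 8
    data += bytes([pad]) * pad
    return b"".join(encrypt_block(int.from_bytes(data[i:i + 8], "big"), key).to_bytes(8, "big")
                    for i in range(0, len(data), 8))

def decrypt(data, key):
    out = b"".join(decrypt_block(int.from_bytes(data[i:i + 8], "big"), key).to_bytes(8, "big")
                   for i in range(0, len(data), 8))
    return out[:-out[-1]]

def changed_bits(block, key, bit):
    """Diffusion check: ciphertext bits that differ when plaintext bit `bit` is flipped."""
    return bin(encrypt_block(block, key) ^ encrypt_block(block ^ (1 << bit), key)).count("1")

# Constructed sample key: SKEY1 | SKEY2 | SKEY3 | rounds (9)
KEY = (0x3A91C4E7025BD86F << 132) | (0x0F1E2D3C4B5A6978 << 68) | (0xA5A5F00F1234ABCD << 4) | 0x9

if __name__ == "__main__":
    ct = encrypt(b"record-0042,alice,2024", KEY)   # constructed sample record
    print(ct.hex(), decrypt(ct, KEY))
    print({changed_bits(0x0123456789ABCDEF, KEY, b) for b in range(64)})
```

Under this reading every step of the round either rearranges bits or XORs key material, so `changed_bits` returns 1 for every bit position whatever the round count.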




2.2. PRCSCipher 

In order to protect the user's private cloud data, private cloud service cipher (PRCSCipher) uses 
symmetric block cypher encryption. In order to protect sensitive data, the author suggests using 
PUCSCipher; the information is encrypted into a 64-bit block. Depending on the key, it will run for a certain 
amount of iterations. Variable pieces of input data result in a different number of rounds of encryption. The 
encrypting key length is 196 bits. Following is a description of the PRCSCipher's encryption process. 


Algorithm 2 PRCSCipher 

1. To begin, the information provided by users is entered into the system in plain text format (PTEXT). 
2. The length of the PTEXT binaries is determined. 
3. Convert PTEXT to ASCII decimal numbers and binary codes. 
4. The KPMaaS generates a 128-bit key KEY to be entered. 
5. The plain text binaries are broken down into 8-bit chunks. 
6. Get the first eight bits of the KEY. This subkey SKEY denotes the number of rotations applied to each 
8-bit chunk. 
7. Using the key, rotate each of the 8-bit chunks clockwise or anticlockwise. The SKEY is increased by one 
for each of the following 8-bit chunks. 
8. Read each of the 8-bit binaries in reverse order. 
9. The binaries are converted into decimal at this point. 
10. The PTEXT decimal values are entered into a matrix. Use PTEXT's length N to get the closest and 
largest square value. 
11. Make sure that the square value you selected is a multiple of the square root. 
12. Create a matrix in which the rows and columns are all the same size. 
13. The maximum matrix size is 25x25. If the PTEXT is longer than 625 characters, a new matrix is 
generated to hold the PTEXT's remaining characters. 
14. Do row shifting following the matrix row number. The first row, for example, moves once, 
the second row moves twice, and so on. 
15. A total of three matrices are created: an upper matrix UMATRIX, a lower matrix LMATRIX, and a 
diagonal matrix DMATRIX. 
16. From the top down, invert the DMATRIX values from the left to the right, and from the bottom up. 
17. Find the matrix transpose. 
18. Reading from bottom to top and from left to right, begin with the even column and work your way up to 
the odd column, which is read from top to bottom from right to left. 
19. Convert the matrix's decimal values into binary. 
20. XOR the binaries with the 128-bit KEY. The KEY is repeated throughout the binary's length. 
21. The binary data is converted into ASCII character codes and numeric equivalents. 
22. The ciphertext is the result of step 21. 

The logical flow of the PRCSCipher is represented in Figure 2. 


Plaintext 

Find length of the plaintext and convert it into binaries 

Get a 128-bit key. First 8-bit from it denotes the number of rotations of each 8-bit in plaintext should carried out. 

For each 8-bit in the plaintext the key is incremented by one. 

Read each 8 bits binaries in reverse order and convert the binaries into decimals. 

Form a matrix to accommodate the plaintext decimals 

Do Row Shifting on each matrix row according to the row number 

Split the matrix into three submatrices: Upper Matrix, Lower Matrix and Diagonal Matrix. 

Interchange the matrix values from UMATRIX to LMATRIX, LMATRIX to UMATRIX, and reverse the DMATRIX values from top to bottom 

Find the transpose of the entire matrix. 

Read the even column from bottom to top and from left to right, then read the odd column from top to bottom from right to left 

Convert the decimal value in the matrix into binaries. 

Find XoR of 128 bits KEY with the binaries. The KEY is repeated for the length of the binaries. 

The binaries are converted into decimal and corresponding ASCII character code. 

The ASCII character codes are the Ciphertext 

Figure 2. Logical flow of PRCS cipher 


2.3. HYCSCipher 

Users' data is encrypted before being sent to a public or private cloud, and the hybrid cloud service 
cipher (HYCSCipher) protects that data. In order to encrypt and decode data, the HYCSCipher uses both of 
the preceding cyphers at the same time. The planned HYCSCipher's execution protocols are outlined below. 
The logical flow of the HYCSCipher is represented in Figure 3. 


Algorithm 3 HYCSCipher 
1. The public and private clouds are used to store user data. 
2. Users must mention public and private cloud data. 
3. Both PUCSCipher and PRCSCipher are enabled in HYCSCipher. 
4. Public cloud data is encrypted using PUCSCipher, whereas private cloud data is encrypted using the 
PRCSCipher. 
5. To produce the encrypted data, both methods are run simultaneously. 
6. The user's computer transmits the encrypted data to the destination. 


User data is submitted for storing in the public and private clouds 

Users have to mention the data for public and private clouds 

HYCSCipher enabled with both PUCSCipher and PRCSCipher. 

PUCSCipher is applied to data stored in the public cloud 

PRCSCipher is applied to the data stored in the private cloud. 

PUCSCipher is invoked to do encryption of the data 

PRCSCipher is invoked to do encryption of the data 

PUCSCipher produces ciphertext to be stored in the public cloud 

PUCSCipher produces ciphertext to be stored in the public cloud 

Public Cloud 

Private Cloud 

Figure 3. Logical flow of the HYCSCipher 


3. METHOD 

Cloud storage security is the primary focus of the suggested technique. It's possible to store the data 
in a hybrid cloud. The data are kept in a hybrid cloud depending on the user's preference. The data should be 
kept in a private or public cloud, depending on the user's preference. Users may choose the cloud type based 
on the sensitivity of the data. Encryption, keys, and storage would be kept in distinct parts of the cloud under 
the proposed system, because a provider of all these services might know everything about the data kept in 
its storage if they are obtained from the same cloud provider. Using entities to protect data is seen in the 
suggested framework architecture in Figure 4. 

The service providers don't know which encryption technique is used to encrypt the data, which key is 
used for encryption, and where the encrypted data is kept. The data may be stored in public and private 
locations using two different encryption methods. Symmetric encryption protects data stored in both public and 
private clouds. The cloud-based key service provider is where you'll find the encryption key. Encryption may be 
done on-site or in the cloud, and the encrypted data is uploaded to the desired place. While concurrently 
uploading data to both the public and private cloud, the data is encrypted using the suggested encryption methods. 


3.1. Techniques for encryption of data in hybrid cloud models 

Cloud data storage may be made more secure by using the data encryption solutions that have been 
developed. Symmetrical encryption as a service (SEaaS) is a cloud-based service that provides symmetrical 
encryption. A data security model diagram for the hybrid cloud environment is shown in Figure 5. 
Symmetrical security encryption techniques are offered for both public and private and hybrid cloud settings 
in the SEaaS framework. Data may be protected via the use of cryptographic procedures. For cloud storage, a 
symmetrical cryptographic scheme is more suited. 

Asymmetric encryption isn't a good idea when dealing with large amounts of cloud-based data. 
Various cloud and cloud services are part of the proposed architecture. SEaaS's security services are the primary 
focus of our proposal. KPMaaS is a framework that also includes other kinds of services. These are cloud 
services from both public and private cloud providers. Creating and maintaining a key is not a burden on the 
user's shoulders. Rather, the user requests the key from SEaaS, which is generated by the KPMaaS service. That's 
why we're here: to learn all we can about SAAS. Encryption is requested from the SEaaS by users. The SEaaS 
complies with the user's request for encryption by implementing the desired encryption method. 


Figure 5. Proposed hybrid cloud data security model (labels recovered from the figure: Private Cloud; Key Generator as a Service for Hybrid Cloud Environment) 


To produce the key, SEaaS sends the user's information and the encryption method they want to 
KPMaaS. In contrast to the SEaaS, the KPMaaS produces the key and delivers it directly to the user. It's 
possible that SEaaS doesn't know the encryption key used. The KPMaaS is aware of the encryption key and 
mechanism but is unaware of where the cloud-based data resides. Encrypted data is uploaded to the cloud and 
decrypted by the user. Only the data storage provider can access it, and they don't know how the data was 
encrypted. With the framework in place, a single provider can't get access to sensitive data housed in a cloud 
storage facility. This study proposes a methodology for enhancing cloud data security. The frameworks make 
use of services that are decoupled from one another. To encrypt their data, users must follow the instructions 
provided. The procedures outlined below are aimed at ensuring the safety of sensitive data. Table 1 depicts 
the notations and descriptions used in this work. 


Table 1. Notation and description 
Acronym       Description 
PUCSCipher    Cryptographic ciphers for public clouds 
PRCSCipher    Cipher for private cloud service 
KPMaaS        Maintaining a key provider as a service 
SE            Secure encryption methods 


3.2. Workflow method for a hybrid cloud 

The HYCSCipher encrypts the user’s data forwarded to the public and private cloud. The 
HYCScipher invokes both previous ciphers for encryption and decryption simultaneously. The execution 
procedures of the proposed HYCSCipher are given as: 
— The first step is to choose a cloud storage provider 
— The SEaaS helps users learn about the various security options 
— SEaaS responds to symmetrical encryption demands from users 
— The SEaaS delivers the SE required by the user 
— It is also possible to specify the SE to produce a key for using the SEaaS 
— For users, the symmetric key is generated and sent straight to their cloud accounts through KPMaaS 
— The KPMaaS does not share the keys it generates with SEaaS. The user was just redirected to their IP address 
— Encryption is now an option for the users 
— Encrypted data from a user's computer is sent to a cloud storage service 
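
The split of knowledge described in sections 3.1 and 3.2, modelled as a message flow. This is an added example, not part of the paper; the party names, field names and the misrouted comparison flow are assumptions constructed for illustration. It computes what each provider has seen and which groups of providers would together hold the key, the algorithm and the ciphertext.

```python
from itertools import combinations

# Constructed model of the workflow in sections 3.1-3.2. Party and field names
# are assumptions chosen for this example; each tuple is (sender, receiver, fields).
WORKFLOW = [
    ("user", "SEaaS", {"user_id", "algorithm"}),      # user requests a symmetric encryption method
    ("SEaaS", "user", {"algorithm"}),                 # SEaaS delivers the requested method
    ("SEaaS", "KPMaaS", {"user_id", "algorithm"}),    # SEaaS passes user info and method on
    ("KPMaaS", "user", {"key"}),                      # key is delivered directly to the user
    ("user", "storage", {"ciphertext", "location"}),  # user encrypts locally, then uploads
]

# Misrouted variant for comparison: the key travels back through SEaaS.
RELAYED = WORKFLOW[:3] + [("KPMaaS", "SEaaS", {"key"}), ("SEaaS", "user", {"key"})] + WORKFLOW[4:]

PROVIDERS = ("SEaaS", "KPMaaS", "storage")
NEEDED = {"key", "algorithm", "ciphertext"}   # what it takes to recover the plaintext

def knowledge(messages):
    """Fields each party has seen: everything it sent or received."""
    known = {}
    for sender, receiver, fields in messages:
        known.setdefault(sender, set()).update(fields)
        known.setdefault(receiver, set()).update(fields)
    return known

def can_decrypt(parties, known):
    """True if the parties' pooled knowledge covers NEEDED."""
    pooled = set()
    for p in parties:
        pooled |= known.get(p, set())
    return NEEDED <= pooled

def minimal_coalitions(messages, providers=PROVIDERS):
    """Smallest provider groups that jointly hold key, algorithm and ciphertext."""
    known = knowledge(messages)
    found = []
    for size in range(1, len(providers) + 1):
        for group in combinations(providers, size):
            if can_decrypt(group, known) and not any(set(f) <= set(group) for f in found):
                found.append(group)
    return found

if __name__ == "__main__":
    for name, flow in (("as described", WORKFLOW), ("key relayed via SEaaS", RELAYED)):
        print(name, minimal_coalitions(flow))
```

In the flow as described no single provider can decrypt and only KPMaaS together with the storage provider can; routing the key through SEaaS adds SEaaS plus storage to that list.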


3.3. Symmetric encryption as a service 

The SEaaS cloud service is a hybrid cloud designed to assure cloud data security. SEaaS is made up of 
three distinct security models to accommodate various kinds of cloud deployments. Public cloud encryption is 
available in PUCSCipher, private cloud encryption is available in PRCSCipher, and the third is HYCSCipher for 
hybrid cloud encryption. This symmetric encryption method's implementation is described in subsection 3.4. 


3.4. Implementation 

The real-time cloud environment is used for the suggested study. Three approaches are studied. 
Using C#.Net programme coding, these strategies are turned into cloud-based software. Visual Studio 
2012 is used to create the application. MyASP.Net, a cloud-based platform, hosts the built application. 
MyASP.Net is a platform for hosting user-created applications. MyASP.Net is used to implement and host all 
of the research. Provision has been made to upload plaintext using the created and hosted software application. 


4. RESULTS AND DISCUSSION 

The user may encrypt and decode data using three different forms of encryption. The programme 
tracks encryption and decryption times. The suggested methods are evaluated based on the time it takes to 
encrypt and decode the same amount of data. Existing equivalent security measures are used to evaluate the 
system's performance. As seen in Table 2, the three suggested and current encryption methods require 
different amounts of time to encrypt. It is also compared in terms of the decryption time. The application's 
efficient coding analyses the decryption time of the encrypted data. Decryption times for proposed and current 
algorithms are shown in Table 3. 


Table 2. Comparison of the encryption times of several encryption algorithms 
Size (KB)   DES   Blowfish   PUCS Cipher [35]   PRCS Cipher   HYCS Cipher 
100         72    44         37                 31            41 
200         141   85         75                 69            79 
300         213   132        112                106           119 
400         282   177        150                143           157 
500         355   223        188                181           195 


Table 3. Performance comparison by decryption time 
Size (KB)   DES   Blowfish   PUCS cipher [35]   PRCS cipher   HYCS cipher 
100         69    42         31                 28            33 
200         139   81         64                 62            67 
300         207   128        103                99            108 
400         276   173        138                134           142 
500         350   219        169                163           173 


4.1. Analyzing security risks 

In the Amazon cloud, EC2 leased server, the scrambled data is saved. Encrypted data is used to test the 
suggested approaches’ security. Analyzing the safety of encryption methods is made possible by the ABC 
Hackman tool. The first step is to deploy the programme on Amazon's cloud servers. After that, the data is 
decrypted using the Hackman tool [30]. It then hacks the encrypted data and attempts to recover the original data. 


Data security in cloud environment using cryptographic mechanism (Abdul Azis Fairoseban) 


ISSN: 2302-9285 


For encryption approaches, the percentage of hacking by the Hackman tool is used to determine the level of 
security they provide. As shown in Table 4, the proposed and current approaches have different levels of security. 


Table 4. Strength in security 
Techniques     Security strength (%) 
Blowfish       87 
DES            81 
PUCS Cipher    89 
PRCS Cipher    91 
HYCS Cipher    89 


5. CONCLUSION 

It is more difficult to maintain data security on the cloud. There is no limit to what can be done with 
this massive infrastructure when it comes to cloud computing. Virtual resources and services are created 
based on the needs of users. Users' willingness to utilise the cloud is being curtailed because of concerns 
about data security in the cloud. As a result of this paper, a hybrid cloud security paradigm has been 
suggested that is successful. The cloud service for encryption, key creation, and storage is isolated from the 
rest of the service. Three methods are included in the encryption service for storing data in the public, 
private, and hybrid clouds. Symmetric encryption is used in all of the described methods. Cloud computing is 
used to evaluate the effectiveness of the strategies. A hybrid cloud system is more efficient when data is 
stored using the described strategies. 